CSP Passport
CSP PassPort is a solution that provides enhanced security on HP NonStop systems by permitting a much higher degree of control over user access and activity than is otherwise possible. CSP PassPort is implemented as a host-based terminal process that controls user access to programs and restricts the user to specific commands based upon their profile. Moreover, CSP PassPort provides many unique security features, including the ability to audit all user commands and session I/O.
CSP PassPort Overview
CSP PassPort is essentially a terminal emulator that intercepts all terminal I/O for any or all sessions. In either menu mode, where the user is presented with a defined set of commands, or non-menu mode, where its presence is transparent to the user, CSP PassPort can:
- Secure an asynchronous line
- Run as its own Telserv service
- Replace an existing TACL service
- Execute from an existing TACL session
CSP PassPort does NOT require SAFEGUARD although, when both are implemented, CSP PassPort provides security and audit features that exceed those of SAFEGUARD. The CSP PassPort policy database is similar to the SAFEGUARD user database in that an "alias" is assigned to an NSK user ID (or even to another SAFEGUARD alias). The power of CSP PassPort is its ability to control the access of each alias differently, even for the same underlying user ID or SAFEGUARD alias. This unique feature offers superior control over the individual user by granting or denying access to individual subcommands or functions within a subsystem, program or application.
Using conventional GUARDIAN or SAFEGUARD security, access is granted to all commands within an application even when only a small subset of commands is desired. With CSP PassPort, access to a powerful user ID can be given to a user solely for the commands required by a particular function. An example is an operator who requires the SUPER ID to reset a line. With authentication via CSP PassPort, the user's alias can be granted SUPER ID authority (without requiring the SUPER ID password) to reset the line, while simultaneously being denied all other authority of the SUPER ID.
With CSP PassPort, access to OSS may be granted, denied, or required for a given user. If OSS is used, all commands may be audited at the discretion of the administrator.
From a TACL prompt a user can also initiate CSP PassPort dynamically. Running the program dynamically is useful in situations where several individuals share a common user ID. For instance, a user may typically perform most operations using their own user ID. However, this user may occasionally need restricted access to a shared ID such as the SUPER ID. By using CSP PassPort as the gateway into the powerful ID, the system manager or security administrator can monitor and control the use of the ID.
Beyond specific terminal and command restrictions, CSP PassPort also includes an access matrix facility: any CSP PassPort alias can be limited to specific days of the week and specific times of the day.
An example of how CSP PassPort can be used:
A security help-desk employee, who works a shift from 8:00 AM to 5:00 PM, Monday through Friday, may be required to reset passwords for some users. Under normal circumstances, this user would require the SUPER ID or Security Administrator ID, depending on how ownership of the users is defined. With CSP PassPort, an alias can be created for the appropriate user ID. This alias can be granted the authority to perform a password reset, but be denied all other powerful commands.
The user could be restricted from using all connections other than the terminal located at their desk. Finally, this alias can only be granted access to the system from the hours of 8:00 AM to 5:00 PM, Monday through Friday.
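As an added illustration, not CSP PassPort's own code or policy syntax, the following Python models the help-desk scenario above as an alias policy: a hypothetical alias mapped onto SUPER.SUPER, a single permitted command, one permitted terminal and a Monday-Friday 08:00-17:00 window, with every decision (allowed or denied) written to an audit record. The alias, terminal and command names are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AliasPolicy:
    alias: str                    # the alias the person logs in as
    user_id: str                  # powerful NSK user ID the alias resolves to
    allowed_commands: frozenset   # subcommands granted; everything else denied
    allowed_terminals: frozenset  # terminals the alias may connect from
    days: frozenset               # permitted weekdays, 0 = Monday .. 6 = Sunday
    start: time                   # daily window start (inclusive)
    end: time                     # daily window end (inclusive)


# Constructed policy for the help-desk scenario. Command and terminal names
# are illustrative placeholders, not CSP PassPort configuration syntax.
HELPDESK = AliasPolicy(
    alias="HELPDESK1", user_id="SUPER.SUPER",
    allowed_commands=frozenset({"ALTER USER PASSWORD"}),
    allowed_terminals=frozenset({"$TERM12"}),
    days=frozenset(range(5)), start=time(8, 0), end=time(17, 0),
)

AUDIT: list = []  # every decision is recorded, whether allowed or denied


def evaluate(policy: AliasPolicy, command: str, terminal: str, when: datetime):
    """Decide whether `command` from `terminal` at `when` may run under the
    alias's underlying user ID. Returns (verdict, reason) and audits it."""
    in_window = (when.weekday() in policy.days
                 and policy.start <= when.time() <= policy.end)
    if not in_window:
        verdict = ("DENY", "outside permitted days/times")
    elif terminal not in policy.allowed_terminals:
        verdict = ("DENY", "terminal not permitted for this alias")
    elif command.upper() not in policy.allowed_commands:
        verdict = ("DENY", "command not granted to this alias")
    else:
        verdict = ("ALLOW", f"executes as {policy.user_id}")
    AUDIT.append({"alias": policy.alias, "user_id": policy.user_id,
                  "terminal": terminal, "command": command,
                  "time": when.isoformat(), "verdict": verdict[0],
                  "reason": verdict[1]})
    return verdict


if __name__ == "__main__":
    tue = datetime(2024, 3, 5, 10, 0)  # a Tuesday, 10:00
    print(evaluate(HELPDESK, "ALTER USER PASSWORD", "$TERM12", tue))
    print(evaluate(HELPDESK, "ADD USER", "$TERM12", tue))
    print(evaluate(HELPDESK, "ALTER USER PASSWORD", "$TERM12", datetime(2024, 3, 9, 10, 0)))
```

The ordering of the checks matters for the audit trail: a request outside the window is recorded as such even if the command would otherwise have been allowed.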
Key Features:
- Sophisticated security controls beyond those offered by GUARDIAN and SAFEGUARD security.
- Password quality checks that can be enforced.
- Each individual person having access to the SUPER ID can have a different list of commands that are allowed or restricted.
- Individual user accountability for shared and powerful IDs.
- Commands entered from within system utilities such as SQLCI, SCF, FUP, etc. can be controlled and monitored.
- All commands can be audited. This can also include detailed auditing of every keystroke and response sent to and from a terminal.
- CSP PassPort aliases can be frozen during particular days/times.
- Passwords to powerful IDs such as SUPER.SUPER need not be made known to users.
- Audit trails are formatted as SAFEGUARD-like files, allowing for complete integration with Auditview for Windows, which can combine audit data from both.
- CSP PassPort and SAFEGUARD can be configured to prevent process inheritance by another user once the original user logs off.
